import os

from .base import *

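# SECURITY WARNING: keep the secret key used in production secret!
# The literal below is a development fallback only. It is committed to the
# repository, so it must never protect anything Django signs (sessions,
# password-reset tokens, signed cookies) on a deployed instance. Set the
# DJANGO_SECRET_KEY environment variable to override it; an unset or empty
# variable falls back to the literal so local runs behave as before.
# NOTE(review): the fallback does not start with the exact "django-insecure-"
# prefix, so `manage.py check --deploy` will presumably not flag it as an
# auto-generated key. Do not rely on that check to catch this value.
SECRET_KEY = (
    os.environ.get("DJANGO_SECRET_KEY")
    or 'django-insecuri_vv+_s^+uv2=2kx621nvj&agbbykebqp5^ym2*t-qnsl^*cq'
)

# SECURITY WARNING: don't run with debug turned on in production!
# With DEBUG = True Django answers errors with detailed debug pages
# (tracebacks, local variables, settings), so keep this module for local
# development only.
DEBUG = True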

# Development only: accept cross-origin requests from every origin.
# Not recommended for production.
# NOTE(review): assuming these are django-cors-headers settings, a True value
# here makes the allowlist below inert. Combined with
# CORS_ALLOW_CREDENTIALS = True (set later in this file), the requesting
# origin is echoed back, so any origin may read credentialed responses.
CORS_ALLOW_ALL_ORIGINS = True

# Allowlist intended for production; it only takes effect once
# CORS_ALLOW_ALL_ORIGINS is False.
# NOTE(review): both entries are the backend's own address, while
# CSRF_TRUSTED_ORIGINS in this file also trusts port 5002. Confirm the real
# front-end origins before relying on this list.
CORS_ALLOWED_ORIGINS = [
    "http://localhost:8000",  # backend address
    "http://127.0.0.1:8000",  # backend address
]

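# Cookie and CSRF behaviour for the browser front end.

# SameSite=Lax: browsers attach the cookie to same-site requests and to
# top-level cross-site navigations, but not to cross-site fetch/XHR calls.
# Ports do not affect "site", so a front end on localhost:5002 still sends
# these cookies to localhost:8000; mixing localhost with 127.0.0.1 does not.
CSRF_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_SAMESITE = 'Lax'

# The CSRF cookie stays readable by JavaScript so the front end can copy the
# token into a request header. The session cookie is hidden from scripts.
# (This setting was previously assigned twice with the same value; one
# assignment is enough.)
CSRF_COOKIE_HTTPONLY = False
SESSION_COOKIE_HTTPONLY = True

# Let cross-origin responses be used with credentials (cookies, auth headers).
# NOTE(review): while CORS_ALLOW_ALL_ORIGINS is True in this file, this makes
# every origin a credentialed CORS client. Acceptable for local development
# only.
CORS_ALLOW_CREDENTIALS = True

# Origins whose unsafe requests (POST, PUT, DELETE, ...) pass Django's CSRF
# origin check. All entries are plain-HTTP loopback addresses.
CSRF_TRUSTED_ORIGINS = [
    "http://localhost:8000",
    "http://127.0.0.1:8000",
    "http://localhost:5002",
    "http://127.0.0.1:5002",
]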

# Host header values Django will serve; restricted to loopback names here.
ALLOWED_HOSTS = ["localhost", "127.0.0.1"]

# Single SQLite database stored as db.sqlite3 under BASE_DIR (BASE_DIR comes
# from the base settings module via the star import at the top of the file).
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": BASE_DIR / "db.sqlite3",
    },
}

# Metadata for the generated API schema/documentation.
# NOTE(review): presumably consumed by drf-spectacular. Confirm against the
# base settings.
SPECTACULAR_SETTINGS = {
    "TITLE": "MedQuest API",
    "DESCRIPTION": "API documentation for MedQuest project",
    "VERSION": "1.0.0",
}